What this acm do is check every request, either it is authorized or not. Checking is done by matching request url with key_pattern(url pattern). And it the request url is not authorized, user will be redirected to unauthorized notice page. In case propagate is not set to true during runtime, oneface can’t use forceLogout() feature, so, we have to check for login status from time to time.